Is cyber insurance part of the cyberattack problem?

Is cyber insurance part of the cyberattack problem? | Insurance Business

If there is one area of insurance that has dominated conversations during 2017, it would have to be “cyber.” Once seemingly a policy “for the future,” it has been thrust into the mainstream spotlight by high profile attacks such as Petya and WannaCry.

However, could cyber insurance actually be the cause as well as the cure?

Writing in The Enterprise Times, researchers at WatchGuard, a security company, have expressed concern that cyber insurance risks are fuelling an increase in ransomware.

“We find it concerning that insurers sometimes pay ransoms to recover their customers’ data,” Corey Nachreiner, CTO at WatchGuard Technologies told The Enterprise Times. “While we understand the business decision, insurers currently have no long-term actuarial data for cyber incidents and ransomware. It is possible that paying ransoms will encourage this criminal business model and increase the number of incidents insurers have to handle or the cost of ransoms.”

Insurers, of course, may argue that such speculation is absurd. After all, insurers have paid out on claims for a host of criminal activities over the years – there is no evidence that paying out on a kidnap and ransom policy, for example, has prompted an upsurge in such incidents.

However, WatchGuard believes that the case of ransomware is different because cyber criminals are looking to exploit companies that actually have insurance in place – making them priority targets. As such, Nachreiner suggests that insurers should require firms to have strict security measures in place before offering cover.

“We expect SMBs to continue to adopt extortion insurance in 2018 but cyber insurance should not replace security controls and best practices,” explained Nachreiner. “We predict that insurance providers will start to implement guidelines that require companies to have strong security controls in place as a prerequisite. When combined with other layers of security, cyber insurance is a great addition to your cyber security strategy.”